The vulnerability, which affects Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, could cause a crash and potentially allow an attacker to take control of the affected system.

Download this free guide

Don't become a victim!

Find out what are the most appropriate threat intelligence systems and services for your organisation

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The vulnerability affects version 10.2.154.25 and earlier for Chrome users and version 10.2.156.12 and earlier versions for Android.

Adobe warned of a vulnerability in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

But, the company says Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

There are reports this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file, delivered as an e-mail attachment, targeting the Windows platform.

However, Adobe says the company is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.

The company also points out that the risk for Adobe Reader X users is significantly lower, because this issue does not bypass Adobe Reader Protected Mode.

Adobe says it is in the process of finalising a schedule for delivering updates for all affected products, except Adobe Reader X.

"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June, 2011," the company said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy